Systems and methods for group bandwidth management in a communication systems network

ABSTRACT

An embodiment is a method of managing bandwidth, performed by a computing system. The system receives user-selected connection parameters associated with a subscriber device. The system associates a network identifier of the subscriber device with a group bandwidth policy, based on the user-selected connection parameters. The system stores, in computer-readable storage media, parameters associated with the group bandwidth policy, in association with the network identifier of the subscriber device. The system receives, at a gateway device, network communication data from the subscriber device. The system limits, at the gateway device, bandwidth available to the network communication data, based on the stored parameters associated with the group bandwidth policy.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to U.S. patent application Ser. No. 13/352,255, filed Jan. 17, 2012, which claims the benefit of priority to U.S. Prov. Pat. App. No. 61/433,908, filed Jan. 18, 2011. This application is related to, but does not claim priority to, U.S. Pats. Nos. 6,636,894, 7,194,554, 7,689,716, 7,698,432, and 7,739,383. All of the aforementioned patents and applications are hereby incorporated by reference as if set forth herein in their entireties.

BACKGROUND OF THE INVENTION

The field of communication systems network management is widely practiced. In today's global mobile world, network access is practically a requirement for daily life. As the number of people seeking access to networks continues to increase, the demand for reliable mechanisms for network owners to efficiently and effectively manage their resources increases as well.

There is a need for a network operator to limit total bandwidth on a per-subscriber basis when the subscriber has multiple physical devices. For example, consider a network communication system operated in a hotel. The modern business traveler staying in the hotel may use a laptop, a tablet computer, and a smartphone. Each of these devices is configurably operable to access a network. This business traveler can access the hotel network with each device but may be required to purchase access for each individual device. Alternatively, the network operator can allow all the devices onto the network using a single subscription, but the operator has no control over the aggregate bandwidth consumed by the single subscriber. In other words, the present art does not provide a way for the hotel network communication system operator to limit the bandwidth to the group of devices for a particular subscriber, which, in this example, is the business traveler.

SUMMARY OF THE INVENTION

The present disclosure provides a solution to the above problem by allowing a network management system to allocate a section of bandwidth that can be shared among multiple devices. For example, the above described traveler can purchase a single network subscription which will allocate a certain amount of bandwidth to that subscriber. The traveler can then choose to use all of the bandwidth for his laptop or the traveler can add his other network enabled devices to his subscription and share his allocated bandwidth. The network will then manage all of his devices such that the combined bandwidth used at any given time by all of the included devices does not exceed the traveler's bandwidth maximum. Allocation of bandwidth between devices can be performed dynamically by the network administration or the network user (e.g., the traveler) can choose to allocate the allotted bandwidth between the devices on his subscription. In an embodiment, a user can associate a number of devices with an account such that the next time the user purchases a subscription, all of his devices will be recognized and he does not have to authorize each device again.

The present disclosure also describes a way for a network operator to limit total bandwidth allotted to an event (e.g., conference, baseball game) serving multiple subscribers (e.g., conference attendees, season ticket holders). For example, consider a network communication system operated at a convention center. Conference organizers may desire to provide network access to attendees. As with the hotel network operator, the convention center network operator can allocate bandwidth for each attendee. This solution is generally cumbersome and usually involves assigning each attendee the same bandwidth rather than aggregating the bandwidth allocated for the event to a group of subscribers. The present disclosure provides a system for allowing the conference organizers to group attendees together and allocate blocks of bandwidth between attendees. For example, general attendees may be allocated to a block of bandwidth that is pooled and shared while conference presenters or VIPs are allocated to a second block of bandwidth that provides, generally speaking, more bandwidth per user.

One innovative aspect of the subject matter described in this disclosure can be implemented in a method for managing a communication systems network comprising, receiving a signal, associating the signal with a host, identifying a group policy for the host, transforming the signal according to the group policy for the host, and transmitting the signal according to the group policy for the host.

An embodiment is a method of managing bandwidth, performed by a computing system. The system receives user-selected connection parameters associated with a subscriber device. The system associates a network identifier of the subscriber device with a group bandwidth policy, based on the user-selected connection parameters. The system stores, in computer-readable storage media, parameters associated with the group bandwidth policy, in association with the network identifier of the subscriber device. The system receives, at a gateway device, network communication data from the subscriber device. The system limits, at the gateway device, bandwidth available to the network communication data, based on the stored parameters associated with the group bandwidth policy.

In an embodiment, the network identifier comprises a MAC address of the subscriber device.

In an embodiment, the parameters associated with the group bandwidth policy comprise a group bandwidth policy identifier, an uplink bandwidth, and a downlink bandwidth.

In an embodiment, the system associates a second network identifier of a second subscriber device with the group bandwidth policy. The system limits bandwidth available to the subscriber device and the second subscriber device based on the stored parameters associated with the group bandwidth policy.

In an embodiment, the user-selected connection parameters are received at a portal page server.

An embodiment is a network system configured to manage bandwidth of subscribers with multiple subscriber devices connected to the network system. The network system includes a gateway device configured to connect a plurality of subscriber devices to an external network. The gateway device comprises a computer processor and one or more network ports. The network system includes an Authentication, Authorization and Accounting (AAA) server storing data relating to a group bandwidth policy associated with a subset of the subscriber devices. The gateway device is configured, upon receiving a communication request from a subscriber device, to transmit a request for authentication information to the AAA server. The request comprises a network identifier associated with the subscriber device. The AAA server is configured to determine, in response to the request for authentication information, that the subscriber device is associated with the group bandwidth policy, based at least in part on the network identifier associated with the subscriber device; the AAA server further configured to transmit, to the gateway device, an authentication response comprising the data relating to the group bandwidth policy. The gateway device is further configured to limit the bandwidth available to the subscriber device based upon the data relating to the group bandwidth policy, and further based upon the bandwidth being used by other subscriber devices associated with the group bandwidth policy.

In an embodiment, the gateway device and AAA server are housed within a single device.

In an embodiment, the gateway device and AAA server are separate devices.

In an embodiment, the network system also includes a portal page server configured to complete an enrollment procedure with the subscriber device. The AAA server is configured to determine that the subscriber device is associated with the group bandwidth policy based at least in part on data stored by the portal page server in response to the enrollment procedure.

In an embodiment, the request for authentication information comprises a RADIUS or Diameter protocol request, and the authentication response comprises a RADIUS or Diameter protocol response.

In an embodiment, the gateway device is further configured to limit the bandwidth available to the subscriber device by queuing one or more packets received from the subscriber device.

An embodiment is a method of associating a group of network enabled computers with a network access subscription. A system associates a device network identifier for each of a plurality of network devices with a single network access subscription. The system allocates a subset of available bandwidth with the single network access subscription. The system provides network access to the plurality of network devices. The plurality of network devices share the allocated subset of available bandwidth.

In an embodiment, the device network identifier comprises a MAC address.

In an embodiment, the subset of available bandwidth comprises a subset of available uplink bandwidth and a subset of available downlink bandwidth.

In an embodiment, the method is performed at a network system comprising a gateway device. The plurality of devices are connected to the network system, and wherein the plurality of network devices share the allocated subset of available bandwidth by the gateway device delaying transmission of data packets received from the plurality of network devices.

In an embodiment, associating a network device identifier for each of a plurality of network devices with a single network access subscription comprises storing, in computer-readable storage, the network device identifier for each of the plurality of network devices, in association with an identifier of the single network access subscription.

An embodiment is a network system which associates a plurality of devices with a single network subscription. The system includes one or more device side interfaces for communicating with a plurality of user devices. The system includes one or more network side interfaces for communicating with a wide area network. The system includes one or more processors configured to associate at least two of the plurality of user devices with a single network subscription. The network subscription provides a subset of available bandwidth to be shared by the at least two of the plurality of user devices.

In an embodiment, the system also includes a portal page server configured to receive enrollment data from at least one of the plurality of user devices. The portal page server is configured to cause the one or more processors to associate the at least one of the plurality of user devices with the single network subscription based on the received enrollment data.

In an embodiment, the one or more processors are further configured to limit the bandwidth of data transmitted or received at the one or more device side interfaces from the at least two of the plurality of user devices, based at least in part on an indication of a user-selected bandwidth level associated with the single network subscription.

In an embodiment, the one or more processors are further configured to dissociate a user device from the single network subscription in response to a determination that the user device has disconnected.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a computing system as used in an embodiment.

FIG. 2 is a flow chart of a process of implementing a group bandwidth policy as used in an embodiment.

FIG. 3 is a flow chart of a process of creating a session for a subscriber device as used in an embodiment.

FIG. 4 is a flow chart of a process of authenticating data sent by a subscriber device as used in an embodiment.

FIG. 5 is a flow chart of a process of handling data received from a subscriber device as used in an embodiment.

FIG. 6 is a process of handling data received from an external network that is directed to a subscriber device as used in an embodiment.

FIG. 7 is a flow chart of a process of managing records of group bandwidth policies as used in an embodiment.

FIG. 8 is a sample user interface for selecting a group bandwidth enrollment as used in an embodiment.

FIG. 9 is a sample user interface used to enable a group bandwidth policy feature according to one embodiment.

FIG. 10 is a sample user interface used to view information about subscribers for a group according to one embodiment.

FIG. 11 is a block diagram of a network system connecting subscriber devices to a network, as used in an embodiment.

FIG. 12 is a flowchart of a process of associating one or more computers or other computing devices with a network access subscription, as used in an embodiment.

FIG. 13 is a block diagram of a computer system as used in an embodiment.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Details of embodiments of the subject matter described in this specification are set forth herein. Other features, aspects, and advantages will become apparent from the description, the drawings, and the claims.

In an embodiment, an “enrollment” is an instance of purchased service. Examples of enrollment include: 1) an individual subscriber purchasing network access for a chosen duration of time; and 2) purchasing of network access for an event (e.g., conference, baseball game) shared by a group of subscribers.

In an embodiment, a “session” is an authorization for a single subscriber device to access the network. For example, an enrollment may: 1) authorize ability to create multiple sessions for an individual subscriber; or 2) authorize a group of subscribers to authenticate using the same credentials.

FIG. 1 is a block diagram of a computing system as used in an embodiment of the invention. The system may include gateway device 101, Authentication, Authorization, and Accounting (AAA) server 102, and portal page server 103. The system may be connected to one or more networks 108, as well as one or more subscriber devices 106. The system may further include one or more data sources, such as group bandwidth policies data 104 and enrollments data 105. In various embodiments, the computing devices, such as gateway device 101, AAA server 102 and portal page server 103, may be housed in a single device or in separate devices, or any combination thereof. Additional components may be included, such as a Property Management System (PMS) to receive and/or provide user account information.

In an embodiment, the devices of the system are connected via a local area network (LAN) that is connected to an external network 108, such as the Internet, via a gateway device 101. In other embodiments, one or more components of the system may be external to the local area network. For example, portal page server 103 and/or AAA server 102 may be connected externally via the Internet. Furthermore, in various embodiments, the components of the system may operate on a different type of network, such as a wide area network, a virtual private network, a corporate intranet, or the like.

Gateway device 101 provides various network services to subscriber device 106, such as, for example, connectivity to external networks 108. In various embodiments, the gateway device may comprise a single device or multiple devices. Some of the services that may be provided by gateway device 101 are described in U.S. Pat. No. 7,194,554, which is hereby incorporated by reference. Any subset of those services, or any other services, may be provided, in an embodiment. In the embodiment of FIG. 1, the gateway device is located between subscriber devices 106 and external networks 108. In other embodiments, the gateway device may be arranged in a different network topology, and may not be located between subscriber devices 106 and external networks 108. For example, an intermediary network device may be used to connect subscriber devices 106 and external networks 108, and that intermediary network device may communicate some or all network communications to gateway device 101. Thus, the gateway device is not necessarily limited to being a “gateway” as understood in the art of computer networks, and it is not necessarily limited to being a single device. In some embodiments, the gateway functionality described herein and can shared by a distributed group of devices or network system.

In an embodiment, gateway device 101 is configured to limit the bandwidth available to subscriber device 106 in accordance with one or more group bandwidth policies. A “group bandwidth policy” enables a subscriber to purchase or otherwise obtain a user-selected bandwidth or quality of service for multiple subscriber devices. For example, a subscriber having one or more network devices, such as laptops, mobile phones, tablet computers, and the like, may purchase a certain amount of bandwidth to be allocated for all of the subscriber's devices in total. Gateway device 101 may employ packet delaying, queuing, and/or dropping strategies in order to limit bandwidth, as described in detail in U.S. Pat. No. 7,739,383, which is hereby incorporated by reference.

In an embodiment, bandwidth limitations resulting from group bandwidth policies or other bandwidth policies are based on user selections which may be unrelated to the total bandwidth available. For example, the gateway device 101 may be able to communicate at a speed of 10 Mbps with networks 108 and subscriber devices 106. If no bandwidth limitations were present, then subscriber devices 106 would be able to communicate with networks 108 at the full speed of 10 Mbps. However, if a subscriber device is associated with a group bandwidth policy that is limited to a speed of 2 Mbps, then that subscriber device may be limited to 2 Mbps, even if further bandwidth is available.

In an embodiment, if two or more devices are associated with a group bandwidth policy limited to 2 Mbps, then the total bandwidth available to those two devices would be 2 Mbps, even if further bandwidth is available, so if one device is using 1.5 Mbps of bandwidth, the other would be limited to a maximum of 0.5 Mbps. In an embodiment, the bandwidth available to subscriber devices associated with a group bandwidth policy may be further limited due to system capacity and constraints. For example, if there are ten subscriber devices, each associated with a separate bandwidth policy of 2 Mbps, and the network is limited to 10 Mbps total, then the gateway device 101 or other network system component may determine to allocate 1 Mbps to each subscriber device, or assign some other allocation in accordance with network usage, quality of service parameters, service levels purchased by users, or the like.

While the present disclosure presents implementations including group bandwidth policies for managing the minimum and maximum upstream bandwidth for a group, it will be appreciated that a group bandwidth policy is not limited to these features. It is envisioned that a group bandwidth policy may include other quality of service related parameters such as fairness weights, priority, differentiated services code point, etc.

In an embodiment, gateway device 101 obtains information about a group bandwidth policy to be associated with a subscriber device 106 during an authentication process. Each subscriber device 106 connected to gateway device 101 may be associated with a group bandwidth policy. Alternately, a subscriber device 106 may be associated with an individual bandwidth policy or some other policy, or even no policy at all. The appropriate bandwidth policy information may be obtained by gateway device 101 from AAA server 102. The gateway device may further store information relating to group bandwidth policies in data repository 104. Other bandwidth information, as well as other subscriber information, may be stored in repository 104, which may be internal or external to the gateway device.

AAA server 102 provides authentication and subscriber information data to other components of the system, such as gateway device 101. AAA server 102 may communicate with these components via any number of standard and/or proprietary network protocols. In various embodiments, AAA server 102 communicates with gateway device 101 using the Remote Authentication Dial In User Service (RADIUS) protocol, the Diameter protocol, an XML protocol, and/or the like. Thus, gateway device 101 may transmit requests for authentication information relating to a subscriber device 106 to AAA server 102. In response, AAA server 102 may provide subscriber information, including group bandwidth policy information, to gateway device 101.

The group bandwidth policy information provided by AAA server 102 may be derived from a data source, such as enrollments data repository 105. This data repository may contain information about subscriber enrollments. For example, in an embodiment, a subscriber may purchase a certain level of bandwidth or service for multiple computing devices used by that subscriber. The information about the service package purchased by the subscriber may be stored in enrollments repository 105. Thus, the subscriber's purchase information may be obtained by AAA server 102 and used to determine an appropriate group bandwidth policy for a subscriber device 106 associated with a particular subscriber.

In an embodiment, data repositories 104 and/or 105 may be maintained in memory or other non-transitory computer-readable media such as a storage drive. The data may be formatted, for instance, in a relational database or a data file (e.g., XML). In an embodiment, data repositories 104 and/or 105 may feature an indexed collection of group bandwidth policies. All subscribers sharing the same group bandwidth policy identifier belong to the same group.

In an embodiment, the system enables a subscriber device to be associated with one or more bandwidth-limiting groups, such as multiple group bandwidth policies, a group bandwidth policy and an individual bandwidth policy, and the like. Conflicts between multiple groups may be configurably resolved. For example, the system may be configured to use the lowest bandwidth setting from among multiple groups associated with a subscriber device, it may be configured to prefer group bandwidth policies over individual bandwidth policies or vice versa, it may be configured to prompt the user to select a policy, or the like.

Portal page server 103 may provide authentication and/or enrollment services to subscribers. For example, a subscriber wishing to purchase or otherwise obtain network access may communicate information to portal page server 103, such as authentication information, payment information, hotel room information, or the like. Portal page server 103 may use this information to determine an appropriate level of service, such as a bandwidth level, for the subscriber and store information relating to that level of service in enrollments repository 105.

In an embodiment, a subscriber device 106 accesses portal page server 103 in response to a redirection procedure that occurs when subscriber device 106 attempts to connect to an external network or network location. One such process of redirection is described in detail in U.S. Pat. No. 7,194,554, which is hereby incorporated by reference.

The components of the system, such as gateway device 101, AAA server 102, and/or portal page server 103, may be configured to provide a management interface so that administrators of the system may determine information about the system's usage. For example, gateway device 101 may present a management interface 107 to authorize system administrators. The management interface may provide information such as, for example, group bandwidth policies installed in repository 104, information about subscriber devices 106 that are connected, information about enrollments stored in repository 105, and the like. Management interface 107 may present data in a variety of formats, such as an HTML interface, an XML data feed, and the like.

FIG. 2 is a flow chart of a process of implementing a group bandwidth policy as used in an embodiment. The process may be performed on a system, such as that shown in FIG. 1.

At block 201, a subscriber device 106 authenticates with portal page server 103. The authentication information may include identity information and/or billing and payment information, and it may identify a user-selected level of service. This level of service may be, for example, on individual bandwidth policy or a group bandwidth policy. The selected policy may include a selection of a maximum uplink bandwidth and/or a maximum downlink bandwidth. Thus, the bandwidth for data transmitted by the subscriber and data received by the subscriber may be limited differently. The user may select the particular bandwidth speeds in an embodiment, or the user may select from a list of predefined bandwidth options.

At block 202, the portal page server 103 identifies group bandwidth policy parameters. These parameters are determined based on the authentication information or other information provided by the subscriber device at block 201. The authentication information from block 201 may indicate that a new group bandwidth policy is to be created in conjunction with a new enrollment. In such a case, portal page server 103 may store new enrollment information in data repository 105 or otherwise communicate such policy information to AAA server 102.

In an embodiment, a subscriber selects a group bandwidth policy by providing group identification information (e.g., credentials, group name, group identifier, group password) to the system. In an embodiment, the MAC address of the subscriber's device is associated with the group bandwidth policy in advance of network access thereby allowing the device to easily access the network as part of the group bandwidth policy.

In an embodiment, the authentication information from block 201 may indicate that the subscriber device is to be associated with an existing group bandwidth policy. In such a case, at block 202, the appropriate policy is identified and information identifying the subscriber device is associated with that policy. Thus, in an embodiment, AAA server 102 has access to information relating to group bandwidth policies and information relating to associations between subscriber devices and group bandwidth policies. The association with a subscriber device may be based on a MAC address, IP address, circuit ID, mobile phone identifier, or the like.

At block 203, the group bandwidth policy parameters from block 202 are sent to gateway device 101. In various embodiments, the parameters may be sent immediately after they are determined at block 202, or they may be sent in response to a request by the gateway device. The latter embodiment may be used, for example, where the gateway device 101 and AAA server 102 communicate via a RADIUS or Diameter protocol.

At block 204, gateway device 101 stores the group bandwidth policy parameters—for example, in data repository 104. In an embodiment, the gateway device first determines whether the group bandwidth policy is already stored in repository 104. This may be the case, for example, where a subscriber is connecting a second device to the network and the appropriate group bandwidth policy is already stored in repository 104 due to the subscriber's first device. In such a case, the gateway device may, in an embodiment, update the group bandwidth policy information stored in repository 104 if it detects that there have been any changes. Furthermore, gateway device 101 may be configured to remove group bandwidth policy information from repository 104 when gateway device 101 determines that such information is no longer necessary—for example, when all subscriber devices associated with a particular group bandwidth policy have disconnected from the network.

Updating a group bandwidth policy may be necessary, for example, if during system operation, a group policy changes (e.g., revision to maximum bandwidth). An example of an event causing the change is the subscriber purchases additional bandwidth for the group. The network operator changing the allocated bandwidth for the group, manually or dynamically according to configurable parameters, is also an event in an example implementation that would cause the group policy to change. In an embodiment, when the group policy changes the change is communicated to all sessions for the group, for example, via AAA server 102 or gateway device 101.

At block 205, gateway device 101 proceeds to limit the bandwidth available to subscriber device 106, in accordance with the group bandwidth policy parameters received at block 203 and stored at block 204. The gateway device may use any of a variety of algorithms to perform this bandwidth limitation, such as queuing, delaying, and/or dropping packets. Where multiple subscriber devices are associated with a single group bandwidth policy, gateway device 101 may apply various strategies for allocating the available bandwidth among those devices, in various embodiments. For example, the gateway device may employ a “best effort” strategy in which it treats all data to and from the devices associated with a particular policy as if that data were being transmitted to and from a single device, and limits the bandwidth accordingly. In other embodiments, the subscriber may be given the option of allocating the available bandwidth among the subscriber's devices. For example, the subscriber may choose to allocate the bandwidth evenly among the subscriber's devices, or to allocate more bandwidth to one device and less bandwidth to other devices. In a further embodiment, gateway device 101 may determine the likely or probable bandwidth usage of various subscriber devices and allocate bandwidth accordingly. For example, gateway device 101 may determine that a laptop is likely to require more bandwidth than a mobile phone and accordingly allocate more bandwidth to the laptop than to the mobile phone.

FIG. 3 is a flow chart of a process of creating a session for a subscriber device, as used in an embodiment. The process may be performed, for example, at portal page server 103, shown in FIG. 1. The process of FIG. 3 may be performed, for example, when a subscriber device first connects to a network. Thus, it may be performed, for example, at block 201 of FIG. 2.

At block 301, portal page server 103 receives a request for a new session transmitted by subscriber device 106. This request for a new session may be transmitted by the subscriber device in response to a redirection procedure performed when subscriber device attempts to connect to an external network location. The request may further include information transmitted from subscriber device 106 to portal page server 103 via one or more web pages or other network communications subsequent to the redirection procedure. Alternately, the request may be received when the subscriber device directly contacts the portal page server. The request may be transmitted via HTTP or other network protocols, in various embodiments.

At block 302, the portal page server 103 determines whether to create a new enrollment based on the request from block 301. For example, the request may identify on existing enrollments with which the subscriber device wishes to be associated. Alternatively, the request may include information for creating a new enrollment if the subscriber has not yet connected any other devices to the network.

If, at block 302, the portal page server determines that a new enrollment is to be created, then at block 303, the portal page server determines group bandwidth parameters to be associated with the enrollment. The parameters may be determined based on a selection of a group bandwidth policy at block 301. In an embodiment, the subscriber may opt for a policy different from a group bandwidth policy, such as an individual bandwidth policy, or no policy at all. In such a case, the portal page server would take appropriate actions based on the subscriber's selection.

At block 304, the portal page server constructs a new group bandwidth policy in accordance with the parameters determined at block 303. This new group bandwidth policy may be stored, for example, in enrollments data repository 105. The portal page server 103 then goes on to associate a new session involving the subscriber device 106 with the newly created policy at block 305.

If, at block 302, the portal page server 103 determines not to create a new enrollment, then at block 307, the portal page server 103 determines an appropriate group bandwidth policy to be associated with the subscriber device. The portal page server 103 may determine that no group bandwidth policy is to be associated with the subscriber device—for example, when the subscriber has selected an individual bandwidth policy or no bandwidth policy at all. In such cases, the portal page server acts accordingly. If, however, an appropriate group bandwidth policy is determined at block 307, then the portal page server proceeds to block 305 and associates the determined group bandwidth policy from block 307 with the subscriber device 106 in a new session.

At block 306, the portal page server communicates the group bandwidth policy to gateway device 101. This may be done directly or in response to a request from the gateway device. Accordingly, the gateway device will have information relating to the group bandwidth policy and it will be able to limit the subscriber device's bandwidth accordingly.

Although the process of FIG. 3 has been described with respect to a portal page server 103, it may be performed by a combination of devices. For example, the AAA server 102 may perform one or more of the blocks of FIG. 3. In one embodiment, the AAA server performs blocks 305 and 306. In one embodiment, the AAA server performs blocks 302-304 and 307.

Enrollments may be created via a process such as that described in FIG. 3, or by other means. For example, an administrator of the network system may create an enrollment with an associated group bandwidth policy and store it directly in the system. This may be useful, for example, where the group bandwidth policy is to be applied to a large meeting, such as a conference or convention, in which case it is desirable to have the group bandwidth policy installed and activated prior to the meeting.

FIG. 4 is a flow chart of a process of authenticating data sent by a subscriber device as used in an embodiment. The process may be performed, for example, at gateway device 101 of FIG. 1. In an embodiment, the process of FIG. 4 is performed when subscriber device 106 sends a request directed to an external network location for the first time subsequent to creating a session according to the process of FIG. 3, or at every time that data is received by the gateway device.

At block 401, gateway device 101 receives data from subscriber device 106. In an embodiment, the data may relate to a request directed to an internal or external network location. The data may be directed to the gateway device or it may be directed to another network component which is configured to forward such data to the gateway device.

At block 402, the gateway device 101 determines whether the subscriber device 106 requires authentication. It may make this determination, for example, based on whether there is a group bandwidth policy or other bandwidth policy associated with the subscriber device 106 stored in data repository 104, or if it was previously authenticated. If gateway device 101 determines that no authentication is required, then the data received at block 401 is transmitted at block 408 in accordance with any group bandwidth or other policy associated with subscriber device 106. The association between the subscriber device and the group bandwidth policy may be determined, for example, based on an association between the two stored in the gateway device.

If gateway device 101 determines that the subscriber does require authentication at block 402, then at block 403, the gateway device sends a request to the AAA server 102. In an embodiment, the request is in the form of a RADIUS or Diameter protocol request. The request may include information identifying the subscriber device, such as a MAC address, IP address, circuit ID, mobile phone identifier, or the like.

At block 404, gateway device 101 receives a response from AAA server 102, which includes a group bandwidth policy. In an embodiment, the received policy includes a policy identifier, a maximum uplink bandwidth, and a maximum downlink bandwidth. Any subset of this information and/or other information may be included in the group bandwidth policy received from the AAA server. The gateway device may alternately receive other information at block 404, such as individual bandwidth policy information, no bandwidth policy information, or an indication that the subscriber device has not authenticated. In the last of those cases, the gateway device may be configured, in an embodiment, to redirect the subscriber device to portal page server 103 so that the subscriber device may complete an authentication process.

At block 405, the gateway device 101 determines whether the group bandwidth policy received at block 404 is already installed—for example, in data repository 104. The gateway device may make this determination based on a group bandwidth policy identifier received at block 404 and/or other forms of referencing the group bandwidth policy, such as a pointer to a memory location. If the gateway device determines that the group bandwidth policy is already installed, then at block 406, the gateway device updates the group bandwidth policy, if necessary. Otherwise, at block 407, the gateway device installs the group bandwidth policy in data repository 104. Finally, at block 408, the gateway device transmits the received data in accordance with the appropriate group bandwidth or other policy.

FIG. 5 is a flow chart of a process of handling data received from a subscriber device as used in an embodiment. The process may be performed by a gateway device 101, as shown in FIG. 1. The process may be performed, for example, at block 408 of FIG. 4 or at other times when data is received by the gateway device.

At block 501, the gateway device 101 receives data from subscriber device 106. Based on the data received, and information identifying the subscriber device in that data, the gateway device determines a group bandwidth policy for the device at block 502.

At block 504, the gateway device 101 determines a maximum bandwidth based on the group bandwidth policy for the device. In an embodiment, the maximum bandwidth is a maximum uplink bandwidth associated with the group bandwidth policy.

The gateway device determines whether the maximum bandwidth has been exceeded at block 504. If it has been exceeded, then at block 503, the gateway device restricts bandwidth by queuing, delaying, policing, and/or dropping data transmissions, or by other means. However, if the maximum bandwidth has not been exceeded, then at block 505, the gateway device transmits the received data.

FIG. 6 is a process of handling data received from an external network that is directed to a subscriber device as used in an embodiment. This process may be performed at gateway device 101 of FIG. 1.

At block 601, the gateway device receives data from an external network. The gateway device determines a subscriber device to which the received data is directed, and then at block 602, the gateway device determines a group bandwidth policy for that device.

The gateway device then determines, at block 604, a maximum bandwidth based on the group bandwidth policy. In an embodiment, the maximum bandwidth is a maximum downlink bandwidth. If, at block 604, the gateway device determines that the maximum bandwidth has been exceeded, then at block 603, the bandwidth is limited by queuing or delaying the data transmission. However, if the maximum bandwidth has not been exceeded, then at block 605, the data received at block 601 is transmitted to the appropriate subscriber device.

FIG. 7 is a flow chart of a process of managing records of group bandwidth policies as used in an embodiment. The process may be performed at gateway device 101 of FIG. 1 and group bandwidth policy data repository 104.

At block 701, the gateway device 101 determines that a subscriber device has logged out of the network system. The gateway device may make this determination based on an explicit logout command transmitted by subscriber device 106, a session timeout, an idle timeout, a deletion of a subscriber by a system administrator, and the like.

At block 702, the gateway device 101 determines a group bandwidth policy associated with the subscriber device of block 701. If there is no group bandwidth policy associated with the device, then the gateway device acts accordingly. However, if a group bandwidth policy is identified, then the gateway device proceeds, at block 703, to determine whether there are other subscriber devices associated with the same group bandwidth policy. It may make this determination, for example, for querying data repository 104 for subscriber devices associated with the same group bandwidth policy.

If, at block 703, the gateway device 101 determines that there are other devices associated with the group bandwidth policy, then the process terminates at block 705. However, if the gateway device determines that no other subscriber devices are associated with the group bandwidth policy, then at block 704, the gateway device proceeds to remove the group bandwidth policy information. For example, the information may be removed from data repository 104.

The process shown in FIG. 7 thus allows gateway device 101 or other devices of the system to manage records of group bandwidth policies that have been stored. Other methods may be employed, such as, for example, periodically scanning through data repository 104 and removing group bandwidth policy information that is not associated with any connected subscriber.

FIG. 8 is a sample user interface for selecting a group bandwidth enrollment, as used in an embodiment. The interface may be presented to a subscriber device 106 by portal page server 103. It may be presented, for example, during block 301 of FIG. 3.

The user interface enables a user to join an existing group using input elements 801. The user may provide identifying information associated with a group bandwidth policy, such as a group name and/or password. In various embodiments, different types of identifying information may be employed.

A user may also create a new group using interface elements 802. In an embodiment, the user may provide information, such as a group name, password, and selection of a bandwidth level. In various embodiments, different types of identifying information may be employed, such as an access code, a room number, a predefined key provided by a system administrator or other entity, a group secret code, or the like. In an embodiment, the user may further provide payment information using interface elements 803. In various embodiments, additional information and/or any subset of this information, may be requested. In various embodiments, only elements 802 or 803, may be included. The user may then submit the contents of the form shown in FIG. 8 to portal page server 103 or another appropriate server, to thereby create a new session and/or enrollment.

FIG. 9 is a sample user interface used to enable a group bandwidth policy feature according to one embodiment. The interface may be presented by gateway device 101 as part of management interface 107 of FIG. 1. Installing a group bandwidth policy involves establishing a group bandwidth policy identifier and other communication network system management properties to associate with the group bandwidth policy (e.g., short name for the group, description of the group, maximum upstream bandwidth, maximum downstream bandwidth, encryption level, group session timeout). In an implementation, the group bandwidth policy is defined through an application interface (e.g., web-service, RMI). The application interface may accept, for example, a document (e.g., XML) containing one or more group bandwidth policy definitions. It will be appreciated that similar interfaces are used to maintain installed groups as well.

FIG. 10 is a sample user interface used to view information about subscribers for a group according to one embodiment. The interface may be presented by gateway device 101 as part of management interface 107 of FIG. 1. The user interface shows a variety of data including the identity of the device, the IP address, the port, a user name, the group policy, the bandwidth, the throughput, the authentication (AAA) state, expiration, idle timeout, bytes sent, bytes received, total bytes, and the proxy in use. In an example implementation, a similar interface displays the same information, but aggregated, for example, at the group level to show all subscribers affiliated with the group.

FIG. 11 is a block diagram of a network system connecting subscriber devices to a network, as used in an embodiment. Network system 1101 may be, for example, gateway device 101 of FIG. 1, possibly in combination with AAA server 102, portal page server 103, data repository 104, data repository 105, and/or other components.

In an embodiment, network system 1101 includes a wide-area network (WAN) interface 1102, one or more processors 1103, and local-area network (LAN) interface 1104. The WAN interface 1102 may be connected to one or more external networks 1105, such as the Internet. The LAN interface 1102 may be connected to one or more subscriber devices 1107, possibly via one or more intermediary network devices such as hubs, routers and/or switches. The LAN may be a network of any type, such as an Ethernet network, a token ring network, a dial-up network, or the like, or any combination of networks. The WAN may similarly be a network of any type or combination. In an embodiment, subscriber devices 1107 are able to communicate with the external networks 1105 through the network system 1101.

The network system 1101 may be configured to manage bandwidth available to subscriber devices 1107. In an embodiment, network system 1101 is in communication with data repository 1106, which may be internal to or external to the network system. The network system may be configured to associate one or more subscriber devices 1107 with a subscription. For example, as shown in FIG. 11, subscriber devices #1 and #2 are associated with subscription A, and devices #3 and #4 are associated with subscription B. Within data repository 1106, subscriptions may be identified by a subscription identifier, such as a unique integer, and subscriber devices may be identified by a device identifier, such as a MAC address or other identifier.

Processors 1103, or other processors or systems, may be configured to create, modify, and/or remove associations between subscriptions and subscriber devices in data repository 1106. The processors 1103 may additionally or alternatively be configured to manage network communications to and from the subscriber devices 1107, based on bandwidth information associated with subscriptions in data repository 1106.

FIG. 12 is a flowchart of a process of associating one or more computers or other computing devices with a network access subscription, as used in an embodiment. The method may be performed, for example, by one or more of the computing systems described in FIGS. 1 and 11, or by other computing systems.

At block 1201, multiple computing devices are associated with a single network access subscription. A network access subscription may be an enrollment, a group bandwidth policy, or the like. The association may be stored within computer-readable storage media for later retrieval.

At block 1202, a subset of available bandwidth is allocated to the network access subscription. The allocated bandwidth may be determined based on parameters associated with the network access subscription, stored or encoded data in the network system, currently available bandwidth, quality-of-service indicators, or the like.

At block 1203, network access is provided to the multiple computing devices. The bandwidth available to those computing devices may then be limited at block 1204. The limitation may be based on the subset of available bandwidth determined at block 1202. The allocated bandwidth may be shared among the computing devices, based on a best-effort allocation, a user defined allocation, a system-computed allocation, or other allocation scheme. Bandwidth may be limited by queuing, delaying, and/or dropping network communication packets, or by other means described herein.

Example System Architecture

FIG. 13 is a block diagram illustrating one embodiment of a computing system that implements the systems and methods described herein. In the embodiment of FIG. 13, a computing device 1301 is in communication with a user 1302, as well as an optional third-party data source 1303, via a network 1304. In an embodiment, the computing device 1301 receives data from one or more data sources 1303. The computing device 1301 may then perform analysis and prepare information for presentation to the user 1302. The gateway device 101, AAA server 102, portal page server 103, network system 1101, and/or any other computing system described herein may include the same or similar components as the computing device 1301. Similarly, the computing devices 1301 may be used to implement any of the methods discussed herein.

The network 1304 may include any communication network or combination of communication networks, such as one or more of the Internet, LANs, WANs, MANs, etc., for example. In the embodiment of FIG. 13, the computing device 1301 includes a computing system having one or more computing devices (e.g., computers). The computing device 1301 may include, for example, a single computing device, a computer server, a smart storage unit, or a combination of one or more computing devices and/or computer servers. Depending on the embodiment, the components illustrated in the computing device 1301 may be distributed amongst multiple devices, such as via a local area or other network connection. In other embodiments the computing device 1301 may include fewer and/or additional components that are illustrated in FIG. 13.

The example computing device 1301 may be a general purpose computer using one or more microprocessors, such as, for example, an Intel® Pentium® processor, an Intel® Pentium® II processor, an Intel® Pentium® Pro processor, an Intel® Pentium® IV processor, an Intel® Pentium® D processor, an Intel® Core™ processor, an xx86 processor, an 8051 processor, a MIPS processor, a Power PC processor, a SPARC processor, an Alpha processor, and so forth. The computer may run a variety of operating systems that perform standard operating system functions such as, for example, opening, reading, writing, and closing a file. It is recognized that other operating systems may be used, such as, for example, WindRiver VxWorks, Microsoft® Windows® 3.X, Microsoft® Windows 98, Microsoft® Windows® 2000, Microsoft® Windows® NT, Microsoft® Windows® CE, Microsoft® Windows® ME, Microsoft® Windows® XP, Windows® 7, Palm Pilot OS, Apple® MacOS®, Disk Operating System (DOS), UNIX, IRIX, Solaris, SunOS, FreeBSD, Linux®, or IBM® OS/2® operating systems. In other embodiments, the computing device 1301 may be controlled by a proprietary operating system. Conventional operating systems control and schedule computer processes for execution, perform memory management, provide file system, networking, I/O services, and provide a user interface, such as a graphical user interface (“GUI”), among other things.

The computing device 1301 includes one or more central processing units (“CPU”) 1305, which may each include one or more conventional or proprietary microprocessor(s). The computing device 1301 may further include one or more memories 1306, such as random access memory (“RAM”), for temporary storage of information, read only memory (“ROM”) for permanent storage of information, and/or a mass storage device 1307, such as a hard drive, diskette, or optical media storage device. The memory 1306 may store software code, or instructions, for execution by the processor 1305 in order to cause the computing device to perform certain operations, such as gathering sensor-related data, processing the data with statistical and/or predictive models, formatting data for user devices or other presentation, transmitting data, or other operations described or used herein.

The methods described and claimed herein may be performed by any suitable computing device, such as the computing device 1301. The methods may be executed on such suitable computing devices in response to execution of software instructions or other executable code read from a non-transitory tangible computer readable medium or computer storage device. A computer readable medium is a data storage device that can store data that is readable by a computer system. Examples of computer readable mediums include read-only memory, random-access memory, other volatile or non-volatile memory devices, CD-ROMs, magnetic tape, flash drives, and optical data storage devices.

The example computing device 1301 may include one or more input/output (I/O) devices and interfaces 1308, such as a keyboard, trackball, mouse, drawing tablet, joystick, game controller, touchscreen (e.g., capacitive or resistive touchscreen), touchpad, accelerometer, and/or printer, for example. The computing device 1301 may also include one or more multimedia devices 1309, such as a display device (also referred to herein as a display screen), which may also be one of the I/O devices 1308 in the case of a touchscreen, for example. Display devices may include LCD, OLED, or other thin screen display surfaces, a monitor, television, projector, or any other device that visually depicts user interfaces and data to viewers. The computing device 1301 may also include one or more multimedia devices, such as speakers, video cards, graphics accelerators, and microphones, for example.

In the embodiment of FIG. 13, the I/O devices and interfaces 1308 provides a communication interface to various external devices via the network 1304. For example, the computing device 1301 may be electronically coupled to the network 1304 via a wired, wireless, or combination of wired and wireless, communication link(s). The network 1304 may allow communication with various other computing devices and/or other electronic devices via wired or wireless communication links.

In the embodiment of FIG. 13, the computing device 1301 may include various modules described in further detail below. Each of these modules is discussed in further detail below. In general, the word “module,” as used herein, refers to logic embodied in hardware or firmware, or to a collection of software instructions, possibly having entry and exit points, written in any programming language, such as, for example, Java, Python, Perl, Lua, C, C++, C#, Objective C, etc. A software module may be compiled and linked into an executable program, installed in a dynamic link library, or may be written in an interpreted programming language such as, for example, BASIC, Perl, or Python. Software modules may be callable from other modules or from themselves, and/or may be invoked in response to detected events or interrupts. Software modules configured for execution on computing devices may be provided on a computer readable medium, such as a compact disc, digital video disc, flash drive, or any other tangible medium. Such software code may be stored, partially or fully, on a memory device of the executing computing device, such as the computing device 1301, for execution by the computing device. Hardware modules may be comprised of connected logic units, such as gates and flip-flops, and/or may be comprised of programmable units, such as programmable gate arrays or processors. The modules described herein are typically implemented as software modules, but may be implemented in hardware, firmware and/or software. Generally, the modules described herein refer to logical modules that may be combined with other modules or divided into sub-modules despite their physical organization or storage.

Example Modules

In the embodiment of FIG. 13, the computing device 1301 includes three modules, namely, a bandwidth management module 1310 that controls uplink and/or downlink bandwidth for connected subscriber devices, a group bandwidth policy module 1311 that manages group bandwidth policies for connected subscriber devices, and an authentication module 1312 that provides for authentication of subscriber devices. In some embodiments, the modules may be distributed across multiple devices, and may be controlled and/or operated by multiple different entities. For example, the modules may be divided among the gateway device 101, the AAA server 102, and the portal page server 103 of FIG. 1, or combined together within one or more devices. As another example, the modules may all be part of network system 1101, or a subset of the modules may be part of network system 1101. These modules are configured to perform methods as described throughout this specification. In various embodiments, fewer or additional modules may be included within a computing system.

The computing device 1301 may be configured to acquire user data and other external data such as third-party data. The various modules and/or other modules may comprise software alone, hardware alone, or a combination of software and hardware. The device may be especially adapted to communicate using a variety of network or communications protocols in order to communicate with external data sources such as data repositories, network servers, online services, telecommunication services, distributed computing systems, and so on. Some of these protocols may include standard network protocols, such as HTTP, FTP, SNMP, or the like. The device may further include hardware drivers, such as USB, FireWire, Thunderbolt (Light Peak), or serial communications drivers, for example to communicate with devices in direct communication with the system.

The computing device 1301 may be configured to transmit, or initiate transmission of, data such as user interfaces, data reports, application programming interface data, or the like, to requesting entities, such as external user 1302, that have registered interest with the system. In one embodiment, the device provides the data in an unformatted data structure, such as in an XML, CSV, TXT, or other spreadsheet, text, or web accessible data structure. In other embodiments, the device provides information in user interfaces, such as user interfaces that are configured for rendering by a web browser, mobile device, tablet device, or other device or application, for display to users. A variety of different presentations may be provided. In some embodiments, the requesting entities may indicate presentation preferences or configurations (e.g., data formats and/or types of information), and the device may transmit data based on the indicated preferences or configurations. The presentation format may also be determined based on the type of device being used by the user.

In an embodiment, any or all of the modules described above and/or other modules are configured to act in real-time. Thus, when data is received by the modules, the modules process that data as soon as practicable or necessary to provide users with timely information. In order to achieve this, specialized hardware may be used to gain efficiency, and executable code may be designed to minimize latency or computation time. In an embodiment, the modules, possibly with other modules of the system, are executed within a real-time operating system, to enhance the responsiveness of the system.

Summary

Depending on the embodiment, the systems and methods described with reference to the flowcharts and block diagrams, as well as any other methods discussed herein, may include fewer or additional blocks and/or the blocks may be performed or arranged in a different order than is illustrated. Software code configured for execution on a computing device in order to perform the methods may be provided on a computer readable medium, such as a compact disc, digital video disc, flash drive, hard drive, memory device or any other tangible medium. Such software code may be stored, partially or fully, on a memory of a computing device, such as the computing systems 101-103 of FIG. 1, network system 1101 of FIG. 11, and/or other computing devices illustrated in the Figures, in order to perform the respective methods. For ease of explanation, the methods have been described herein as performed by the various modules, such as may be executed on the computing systems 101-103 and/or 1101, which should be interpreted to include any one or more of the computing devices noted above and/or any other suitable computing device.

Conditional language, such as, among others, “can,” “could,” “might,” or “may,” unless specifically stated otherwise, or otherwise understood within the context as used, is generally intended to convey that certain embodiments include, while other embodiments do not include, certain features, elements and/or steps. Thus, such conditional language is not generally intended to imply that features, elements and/or steps are in any way required for one or more embodiments or that one or more embodiments necessarily include logic for deciding, with or without user input or prompting, whether these features, elements and/or steps are included or are to be performed in any particular embodiment.

Any process descriptions, elements, or blocks in the flow diagrams described herein and/or depicted in the attached figures should be understood as potentially representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps in the process. Alternate implementations are included within the scope of the embodiments described herein in which elements or functions may be deleted, executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those skilled in the art.

All of the methods and processes described above may be embodied in, and partially or fully automated via, software code modules executed by one or more general purpose computers. For example, the methods described herein may be performed by the computing devices described herein and/or any other suitable computing device. The methods may be executed on the computing devices in response to execution of software instructions or other executable code read from a tangible computer readable medium. A tangible computer readable medium is a data storage device that can store data that is readable by a computer system. Examples of computer readable mediums include read-only memory, random-access memory, other volatile or non-volatile memory devices, CD-ROMs, magnetic tape, flash drives, and optical data storage devices.

It should be emphasized that many variations and modifications may be made to the above-described embodiments, the elements of which are to be understood as being among other acceptable examples. All such modifications and variations are intended to be included herein within the scope of this disclosure. The foregoing description details certain embodiments of the invention. It will be appreciated, however, that no matter how detailed the foregoing appears in text, the invention can be practiced in many ways. As is also stated above, it should be noted that the use of particular terminology when describing certain features or aspects of the invention should not be taken to imply that the terminology is being re-defined herein to be restricted to including any specific characteristics of the features or aspects of the invention with which that terminology is associated. The scope of the invention should therefore be construed in accordance with the appended claims and any equivalents thereof. 

1.-20. (canceled)
 21. A network management system configured to manage bandwidth, said network management system comprising: one or more network interfaces configured to: receive a first plurality of network packets associated with a first computing device; and receive a second plurality of network packets associated with a second computing device; a memory configured to store: a first group bandwidth policy including the first computing device and the second computing device; and a first plurality of parameters associated with the first group bandwidth policy; and one or more hardware processors configured to: determine the first plurality of network packets and the second plurality of network packets are associated with the first group bandwidth policy; obtain the first plurality of parameters associated with the first group bandwidth policy based on the said determination; and queue, delay, or drop a packet from the first plurality of network packets or the second plurality of network packets before transmitting, from the one or more network interfaces, the first plurality of network packets or the second plurality of network packets based on the first plurality of parameters.
 22. The network management system of claim 21, wherein said determination further comprises identifying a first identifier associated with the received first plurality of network packets and a second identifier associated with the received second plurality of network packets.
 23. The network management system of claim 22, wherein the first identifier comprises a first MAC address and the second identifier comprises a second MAC address.
 24. The network management system of claim 21, wherein the first plurality of parameters comprise a group bandwidth policy identifier, an uplink bandwidth, and a downlink bandwidth.
 25. The network management system of claim 21, wherein the one or more hardware processors are further configured to determine an aggregate bandwidth based on the first plurality of network packets and the second plurality of network packets.
 26. The network management system of claim 25, wherein the one or more hardware processors are further configured to compare the aggregate bandwidth with at least one of the first plurality of parameters.
 27. A network management system configured to manage bandwidth, said network management system comprising: one or more network interfaces configured to receive a plurality of network packets from a plurality of computing devices; and one or more hardware processors configured to: determine a subset of network packets corresponding to a first bandwidth policy from the received plurality of network packets; determine bandwidth usage corresponding to one or more computing devices associated with the first bandwidth policy; compare the bandwidth usage with a bandwidth limit associated with the first bandwidth policy; and configure the one or more network interfaces to queue, delay, or drop one or more network packets from the subset of network packets based on the comparison.
 28. The network management system of claim 27, wherein said determining the subset of network packets comprises identifying an identifier associated with the received network packets.
 29. The network management system of claim 28, wherein the identifier comprises a MAC address.
 30. The network management system of claim 28, wherein the identifier comprises a room number.
 31. The network management system of claim 27, wherein the one or more hardware processors is further configured to change the bandwidth limit based on a user request.
 32. The network management system of claim 27, wherein the one or more hardware processors is configured to determine a first group of network packets corresponding to a first computing device from the subset of network packet and prioritize transmission of the first group of network packets.
 33. A network management system method for managing bandwidth, the network management system method comprising: receiving a plurality of network packets from a plurality of computing devices; determining a subset of network packets corresponding to a first bandwidth policy from the received plurality of network packets; determining bandwidth usage corresponding to one or more computing devices associated with the first bandwidth policy; comparing the bandwidth usage with a bandwidth limit associated with the first bandwidth policy; and configuring one or more network interfaces to queue, delay, or drop one or more network packets from the subset of network packets based on the comparison.
 34. The network management system method of claim 33, further comprises identifying an identifier associated with the received network packets.
 35. The network management system method of claim 34, wherein the identifier comprises a MAC address.
 36. The network management system method of claim 33, further comprising adding an identifier to the first bandwidth policy.
 37. The network management system method of claim 33, further comprising generating a portal configured to allow users to select the bandwidth limit. 